
Sandbox

Sandbox technology provides protection from new threats by running suspicious code in a virtual environment separate from the main system. This allows the code's behavior to be analyzed without risk of harm. Sandboxing can detect "day-zero" attacks that antivirus software misses since the threat is unknown. It executes files in a simulated operating system to identify malicious actions before deciding whether to block the file from the computer. The seminar concluded that sandbox is currently the most effective technology for defending against latest or unknown security risks.

Uploaded by

Shripad Pulujkar
Copyright
© Attribution Non-Commercial (BY-NC)

SEMINAR ON SANDBOX TECHNOLOGY

By Shripad Pulujkar

Introduction

As soon as one starts using a computer, virus infection becomes an issue of concern. The user is always left worried about the security of his crucial & confidential data. Currently available antivirus software is suitable for detecting & eliminating known viruses only. This traditional concept becomes less effective as it doesn't do anything about new threats. Encrypted viruses are also a major headache as they are not detectable by traditional antivirus software.

Introduction

The only product that can defend us against such security threats is a product with sandboxing capabilities. A sandbox uses the general concept of running more than one operating system in a single environment.

Types of virus attacks

- Virus
- Trojan Horse
- Worm
- Active content

Virus

A virus is a malicious program that can affect other non-malicious programs by modifying them. A virus infects a program by attaching itself to that program; the infected program then acts as a virus itself & infects other non-malicious programs.

Trojan Horse

A Trojan horse is not actually a virus, as it does not affect our non-malicious programs, but it opens the gate for other computer viruses to affect our system. Most of the time it works as spyware which collects information about our computing & browsing habits, which may include our account passwords or credit card numbers, & uses it for unethical purposes.

Worms

A worm works exactly like a virus, infecting our non-malicious programs & then turning them into worms themselves. The only difference between a worm & a virus is that a worm can only spread over a network while a virus can spread through any medium.

Active Content

Active content refers to software components embedded in an electronic document which can trigger actions automatically, often without the user's approval or even knowledge. Active content can be delivered to the user's computer while browsing the web, enabling websites to provide increased functionality such as website toolbars or browser plug-ins.

Active Content

Active content can also be delivered via email, instant messaging & other means of communication on the internet. Active content technology includes: Java applets, JavaScript, Visual Basic scripts, ActiveX controls etc.

Different Security Techniques

- Digital signature
- Virus detection
- Sandboxing

Digital signature

A digital signature is an electronic signature that is used to authenticate the identity of the sender of a message or file & to ensure that the document which has been sent is unchanged. A digital signature can be used with email messages, so that the receiver can be sure of the sender's identity & that the message that arrived is not infected.

Virus detection

This is the most common method used against the different virus attacks, & traditional antivirus software is used for virus detection. Each antivirus product has its own virus database, & suspicious files are compared with this database.

Virus detection

The problem with this method is that even the most advanced antivirus companies require some time to capture & examine a virus & write its signature so that customers' antivirus software can detect it. This signature also needs to be distributed to customers so that their software will recognize the new threat. This process creates a time lag between detection & protection which is enough to cause serious damage.

What is sandbox?

Sandboxing is simply a security concept; a sandbox is a sealed container which allows untrusted programs to execute. Essentially, programs can only play within the sandbox. Sandboxing is where we take suspicious code & run it in a virtual environment (secured from the rest of the system) in order to see exactly how the code works & what its purpose is.

What is sandbox?

It allows us to run malicious code in a protected environment so that the code can't harm our data. A sandbox can protect our system against unknown threats as it can be used to detect the behaviour of the program.

Components of Sandbox

- The application that is to be executed
- The sandbox itself, which provides restrictive access
- The sandbox manager
- The system resources that malicious code will try to access

Working of Sandbox

The sandbox works in its own simulated operating system & is capable of emulating any operating system, including DOS & Windows. The advantage of simulating multiple operating systems is that it allows the sandbox to catch viruses on different platforms.

Working of sandbox

Features of Norman Sandbox 2005

- Support for more than 3000 different APIs
- Multithread support
- Support for thread injection to remote processes
- Detection of e-mail harvesting

Features of Norman sandbox 2005

- Improved network support
- Support for threats through instant messaging communication

Protection from Day-zero attack

The Day-Zero attack is an attack that takes place on the very same day as a program has been identified as a security threat. In such a situation, if we wait for the creation and distribution of the latest virus signature files, by that time it may be too late for many organizations to avoid getting infected.

Protection from Day-zero attack

It leaves networks vulnerable and unprotected until the required detection files can be distributed to get virus protection back on track. This can cause tremendous damage and heavy expenses to the corporation. A sandbox can be the best solution in such a situation, as we can execute the suspicious file in the virtual environment provided by the sandbox & monitor its behavior.

Protection from Day-zero attack

Based on the analysis, the system will determine whether to quarantine the file or to allow the file to enter the computer itself. Doing this on a real system can hardly be a feasible solution. To be able to do this within an acceptable time frame and with efficient system resources, a separate module (Sandbox) with its own operating system is needed.
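The contrast drawn in these slides, as an added example that is not part of the original seminar: a signature lookup allows a sample that has no database entry yet, while a verdict computed from behaviour recorded in the sandbox still quarantines it. The event format, rule weights, threshold and sample traces are constructed assumptions, not the format of any real sandbox product.

```python
import hashlib

# Constructed signature database: SHA-256 digests of already-analysed samples.
KNOWN_BAD = {hashlib.sha256(b"constructed-sample-v1").hexdigest()}

# Hypothetical behaviour rules: (event kind, predicate on the event, weight).
RULES = [
    ("thread_inject", lambda e: e["target_pid"] != e["pid"], 5),  # thread in a remote process
    ("file_write", lambda e: e["path"].lower().endswith((".exe", ".com")), 4),  # modifies programs
    ("file_read", lambda e: e["path"].lower().endswith((".wab", ".pst")), 3),  # address-book access
    ("net_connect", lambda e: e["port"] == 25, 2),  # direct SMTP connection
]
QUARANTINE_AT = 5  # assumed threshold


def signature_verdict(data: bytes) -> str:
    """Traditional detection: the file is blocked only if its digest is already known."""
    return "quarantine" if hashlib.sha256(data).hexdigest() in KNOWN_BAD else "allow"


def sandbox_verdict(trace):
    """Behavioural detection: score the events recorded while the file ran in the sandbox."""
    fired = {}
    for event in trace:
        for kind, predicate, weight in RULES:
            if event["kind"] == kind and predicate(event):
                fired[kind] = weight  # each rule counts once, however often it fires
    verdict = "quarantine" if sum(fired.values()) >= QUARANTINE_AT else "allow"
    return verdict, sorted(fired)


# Constructed inputs: a new variant with no signature yet, and two recorded traces.
NEW_VARIANT = b"constructed-sample-v2"
VARIANT_TRACE = [
    {"kind": "file_read", "pid": 100, "path": "C:\\Users\\a\\contacts.wab"},
    {"kind": "net_connect", "pid": 100, "port": 25},
    {"kind": "thread_inject", "pid": 100, "target_pid": 480},
]
BENIGN_TRACE = [
    {"kind": "file_read", "pid": 200, "path": "C:\\docs\\report.txt"},
    {"kind": "net_connect", "pid": 200, "port": 443},
]

if __name__ == "__main__":
    print("signature:", signature_verdict(NEW_VARIANT))
    print("sandbox:  ", sandbox_verdict(VARIANT_TRACE))
    print("benign:   ", sandbox_verdict(BENIGN_TRACE))
```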

Conclusion

It is the only effective technology to date which can protect against the latest or even unknown threats. It is better than the most advanced antivirus software. A sandbox can act as a safety net to catch attacks that slip through the main antivirus program and other protections.

THANK YOU.
